Re: [Freeipa-users] IPA Master Issue - Not starting
Hi Petr,

Thanks for your help the other day. Something is bringing down my master instance.

I am seeing mismatch on master

[root@master init.d]# kvno DNS/master.domain@domain.com
DNS/master.domain@domain.com: kvno = 8
[root@master init.d]# klist -kt /etc/named.keytab
Keytab name: FILE:/etc/named.keytab
KVNO Timestamp         Principal
---- ----------------- ----------------------------
  33 08/20/14 16:41:42 DNS/master.domain@domain.com
  33 08/20/14 16:41:42 DNS/master.domain@domain.com
  33 08/20/14 16:41:42 DNS/master.domain@domain.com
  33 08/20/14 16:41:42 DNS/master.domain@domain.com
  34 08/20/14 16:53:29 DNS/master.domain@domain.com
  34 08/20/14 16:53:29 DNS/master.domain@domain.com
  34 08/20/14 16:53:29 DNS/master.domain@domain.com
  34 08/20/14 16:53:29 DNS/master.domain@domain.com
  35 08/20/14 16:59:37 DNS/master.domain@domain.com
  35 08/20/14 16:59:37 DNS/master.domain@domain.com
  35 08/20/14 16:59:37 DNS/master.domain@domain.com
  35 08/20/14 16:59:37 DNS/master.domain@domain.com
  38 08/20/14 17:02:30 DNS/master.domain@domain.com
  38 08/20/14 17:02:30 DNS/master.domain@domain.com
  38 08/20/14 17:02:30 DNS/master.domain@domain.com
  38 08/20/14 17:02:30 DNS/master.domain@domain.com
  41 08/20/14 17:07:45 DNS/master.domain@domain.com
  41 08/20/14 17:07:45 DNS/master.domain@domain.com
  41 08/20/14 17:07:45 DNS/master.domain@domain.com
  41 08/20/14 17:07:45 DNS/master.domain@domain.com
  42 08/20/14 17:13:17 DNS/master.domain@domain.com
  42 08/20/14 17:13:17 DNS/master.domain@domain.com
  42 08/20/14 17:13:17 DNS/master.domain@domain.com
  42 08/20/14 17:13:17 DNS/master.domain@domain.com
  45 08/20/14 17:20:34 DNS/master.domain@domain.com
  45 08/20/14 17:20:34 DNS/master.domain@domain.com
  45 08/20/14 17:20:34 DNS/master.domain@domain.com
  45 08/20/14 17:20:34 DNS/master.domain@domain.com
  46 08/20/14 17:35:00 DNS/master.domain@domain.com
  46 08/20/14 17:35:00 DNS/master.domain@domain.com
  46 08/20/14 17:35:00 DNS/master.domain@domain.com
  46 08/20/14 17:35:00 DNS/master.domain@domain.com
  47 08/20/14 17:37:43 DNS/master.domain@domain.com
  47 08/20/14 17:37:43 DNS/master.domain@domain.com
  47 08/20/14 17:37:43 DNS/master.domain@domain.com
  47 08/20/14 17:37:43 DNS/master.domain@domain.com
  48 08/20/14 17:41:42 DNS/master.domain@domain.com
  48 08/20/14 17:41:42 DNS/master.domain@domain.com
  48 08/20/14 17:41:42 DNS/master.domain@domain.com
  48 08/20/14 17:41:42 DNS/master.domain@domain.com
  49 08/20/14 17:43:43 DNS/master.domain@domain.com
  49 08/20/14 17:43:44 DNS/master.domain@domain.com
  49 08/20/14 17:43:44 DNS/master.domain@domain.com
  49 08/20/14 17:43:44 DNS/master.domain@domain.com
[root@master init.d]#

Also, here is output from /var/log/messages whilst trying to ipactl start

[root@master init.d]# sudo ipactl start
Starting Directory Service
Starting dirsrv:
    domain-COM... [ OK ]
    PKI-IPA... [ OK ]
Starting KDC Service
Starting Kerberos 5 KDC: [ OK ]
Starting KPASSWD Service
Starting Kerberos 5 Admin Server: [ OK ]
Starting DNS Service
Starting named:
2014-08-20T18:00:22.098747+10:00 master named[20827]: starting BIND 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1 -u named
2014-08-20T18:00:22.099552+10:00 master named[20827]: built with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--target=x86_64-redhat-linux-gnu' '--program-prefix=' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--with-libtool' '--localstatedir=/var' '--enable-threads' '--enable-ipv6' '--with-pic' '--disable-static' '--disable-openssl-version-check' '--with-dlz-ldap=yes' '--with-dlz-postgres=yes' '--with-dlz-mysql=yes' '--with-dlz-filesystem=yes' '--with-gssapi=yes' '--disable-isc-spnego' '--with-docbook-xsl=/usr/share/sgml/docbook/xsl-stylesheets' '--enable-fixed-rrset' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'target_alias=x86_64-redhat-linux-gnu' 'CFLAGS= -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' 'CPPFLAGS= -DDIG_SIGCHASE'
2014-08-20T18:00:22.099633+10:00 master named[20827]:
2014-08-20T18:00:22.099688+10:00 master named[20827]: BIND 9 is maintained by Internet Systems Consortium,
2014-08-20T18:00:22.099750+10:00 master named[20827]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Re: [Freeipa-users] IPA Master Issue - Not starting
On 20.8.2014 10:02, Peter Grant wrote:
> Hi Petr, Thanks for your help the other day. Something is bringing down my master instance.
> [...]
Re: [Freeipa-users] IPA Master Issue - Not starting
Petr Spacek wrote:
> On 20.8.2014 10:02, Peter Grant wrote:
>> Hi Petr, Thanks for your help the other day. Something is bringing down my master instance.
>> [...]
Re: [Freeipa-users] IPA Master Issue - Not starting
Hello,

On 15.8.2014 03:52, Peter Grant wrote:
> 2014-08-15T11:43:46.434383+10:00 host named[6470]: Failed to init credentials (Decrypt integrity check failed)
> 2014-08-15T11:43:46.434884+10:00 host named[6470]: loading configuration: failure
> 2014-08-15T11:43:46.434991+10:00 host named[6470]: exiting (due to fatal error)
> 2014-08-15T11:43:47.435187+10:00 host ns-slapd: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (Cannot contact any KDC for realm ‘DOMAIN.COM')

For named issue please follow instructions on
https://fedorahosted.org/bind-dyndb-ldap/wiki/BIND9/NamedCannotStart#a3.FailedtoinitcredentialsorFailedtogetinitialcredentialsDecryptintegritycheckfailedorClientscredentialshavebeenrevoked

It seems that /etc/named.keytab is somehow corrupted or obsolete.

Also, KDC logs in /var/log/krb5kdc.log can tell you more.

I hope that others will add ideas about other errors.

--
Petr^2 Spacek
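The comparison made in this thread (the key version reported by kvno against the versions listed by klist -kt /etc/named.keytab), written as a reusable check. This is an added example, not part of the original posts; the sample output is constructed in the shape of the output above, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample output, shaped like the kvno / klist -kt output in the thread.
SAMPLE_KVNO='DNS/master.domain@domain.com: kvno = 8'
SAMPLE_KLIST='Keytab name: FILE:/etc/named.keytab
KVNO Timestamp         Principal
---- ----------------- ----------------------------
  48 08/20/14 17:41:42 DNS/master.domain@domain.com
  48 08/20/14 17:41:42 DNS/master.domain@domain.com
  49 08/20/14 17:43:43 DNS/master.domain@domain.com
  49 08/20/14 17:43:44 DNS/master.domain@domain.com'

# kdc_kvno PRINCIPAL: read `kvno` output on stdin, print the key version number.
kdc_kvno() {
    awk -v p="$1" '$1 == p ":" && $2 == "kvno" && $3 == "=" { print $4; exit }'
}

# keytab_kvnos PRINCIPAL: read `klist -kt` output on stdin and print the
# distinct KVNOs stored for that principal, ascending (one per line).
keytab_kvnos() {
    awk -v p="$1" '$1 ~ /^[0-9]+$/ && $NF == p { print $1 }' | sort -n -u
}

# check_keytab PRINCIPAL KVNO_OUTPUT KLIST_OUTPUT
# Returns 0 if the version reported by kvno is present in the keytab,
# 1 if it is absent (stale or regenerated keytab), 2 if kvno output is unusable.
check_keytab() {
    want=$(printf '%s\n' "$2" | kdc_kvno "$1")
    have=$(printf '%s\n' "$3" | keytab_kvnos "$1" | tr '\n' ' ')
    have=${have% }
    if [ -z "$want" ]; then
        echo "UNKNOWN: no kvno reported for $1"
        return 2
    fi
    case " $have " in
        *" $want "*) echo "OK: keytab holds kvno $want"; return 0 ;;
        *) echo "MISMATCH: KDC kvno $want, keytab has ${have:-none}"; return 1 ;;
    esac
}

# Demo on the constructed sample; "|| true" keeps the script's exit status clean.
check_keytab 'DNS/master.domain@domain.com' "$SAMPLE_KVNO" "$SAMPLE_KLIST" || true
```

On a live host, pass the real command output instead of the samples: check_keytab "$P" "$(kvno "$P")" "$(klist -kt /etc/named.keytab)".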